✨ V6: First Production Release (#77)

Co-authored-by: t11s <[email protected]>
Co-authored-by: z0r0z <[email protected]>
Co-authored-by: alephao <[email protected]>
Co-authored-by: 0age <[email protected]>
Co-authored-by: joshieDo <[email protected]>
Co-authored-by: Matt <[email protected]>
Co-authored-by: Andreas Bigger <[email protected]>
Co-authored-by: Ryan <[email protected]>
Co-authored-by: Zefram Lou <[email protected]>
Co-authored-by: RagePit <[email protected]>

Author: 10 people

.gas-snapshot

@@ -1,42 +1,151 @@
-testAcceptingOwner() (gas: 139707)
-testFailNonOwner2() (gas: 3773)
-testFailRejectingAuthority1() (gas: 119902)
-testFailNonOwner1() (gas: 3742)
-testFailRejectingAuthority2() (gas: 119999)
+testFailSetAuthorityWithRestrictiveAuthority() (gas: 126002)
+testSetAuthorityWithPermissiveAuthority() (gas: 127687)
+testFailSetOwnerWithRestrictiveAuthority() (gas: 126166)
+testFailCallFunctionAsNonOwner() (gas: 4191)
+testSetAuthorityAsOwner() (gas: 23802)
+testFailCallFunctionAsOwnerWithOutOfOrderAuthority() (gas: 135733)
+testCallFunctionWithPermissiveAuthority() (gas: 125973)
+testFailSetAuthorityAsNonOwner() (gas: 6960)
+testFailSetOwnerAsOwnerWithOutOfOrderAuthority() (gas: 135873)
+testCallFunctionAsOwner() (gas: 21371)
+testFailCallFunctionWithRestrictiveAuthority() (gas: 126125)
+testSetOwnerWithPermissiveAuthority() (gas: 147508)
+testFailSetOwnerAsNonOwner() (gas: 4309)
+testSetAuthorityAsOwnerWithOutOfOrderAuthority() (gas: 234329)
+testSetOwnerAsOwner() (gas: 3998)
 testFromLast20Bytes() (gas: 191)
 testFillLast12Bytes() (gas: 223)
-testFailDoubleDeploySameBytecode() (gas: 277076930206519)
-testDeployERC20() (gas: 885671)
-testFailDoubleDeployDifferentBytecode() (gas: 277076930206511)
-testMin() (gas: 715)
-testFPow() (gas: 1738)
-testMax() (gas: 757)
-testFailFDivZeroXY() (gas: 298)
-testSqrt() (gas: 2342)
-testFDiv() (gas: 764)
-testFDivEdgeCases() (gas: 543)
-testFMulEdgeCases() (gas: 823)
-testFailFDivXYB() (gas: 319)
-testFailFDivZeroY() (gas: 274)
+testFailDoubleDeploySameBytecode() (gas: 277076930206699)
+testDeployERC20() (gas: 873896)
+testFailDoubleDeployDifferentBytecode() (gas: 277076930214885)
+testFailBoundMinBiggerThanMax() (gas: 309)
+testBound() (gas: 5520)
+testFailSafeBatchTransferFromToRevertingERC1155Recipient() (gas: 1041163)
+testMintToEOA() (gas: 30265)
+testFailMintToNonERC155Recipient() (gas: 71897)
+testFailSafeBatchTransferFromToZero() (gas: 805864)
+testBatchMintToERC1155Recipient() (gas: 946375)
+testApproveAll() (gas: 26509)
+testFailSafeBatchTransferFromWithArrayLengthMismatch() (gas: 681042)
+testFailBatchMintToZero() (gas: 127242)
+testFailSafeBatchTransferFromToWrongReturnDataERC1155Recipient() (gas: 993087)
+testSafeTransferFromToERC1155Recipient() (gas: 1210543)
+testFailBatchMintToWrongReturnDataERC1155Recipient() (gas: 314473)
+testFailBatchMintToRevertingERC1155Recipient() (gas: 362536)
+testBatchBurn() (gas: 146591)
+testFailBurnInsufficientBalance() (gas: 30352)
+testFailSafeTransferFromToWrongReturnDataERC1155Recipient() (gas: 243471)
+testFailMintToRevertingERC155Recipient() (gas: 263148)
+testFailSafeBatchTransferFromToNonERC1155Recipient() (gas: 849621)
+testFailSafeTransferFromInsufficientBalance() (gas: 579173)
+testFailSafeTransferFromToNonERC155Recipient() (gas: 100376)
+testFailBatchMintToNonERC1155Recipient() (gas: 171010)
+testSafeBatchTransferFromToEOA() (gas: 817122)
+testFailSafeTransferFromToRevertingERC1155Recipient() (gas: 291604)
+testBatchMintToEOA() (gas: 132842)
+testFailBatchBurnInsufficientBalance() (gas: 131673)
+testSafeBatchTransferFromToERC1155Recipient() (gas: 1650504)
+testFailBalanceOfBatchWithArrayMismatch() (gas: 4798)
+testFailSafeBatchTransferInsufficientBalance() (gas: 682003)
+testSafeTransferFromToEOA() (gas: 609087)
+testMintToERC1155Recipient() (gas: 612041)
+testFailBatchMintWithArrayMismatch() (gas: 5118)
+testBatchBalanceOf() (gas: 153798)
+testFailSafeTransferFromToZero() (gas: 57667)
+testFailSafeTransferFromSelfInsufficientBalance() (gas: 29956)
+testBurn() (gas: 34098)
+testFailBatchBurnWithArrayLengthMismatch() (gas: 131065)
+testFailMintToZero() (gas: 29205)
+testSafeTransferFromSelf() (gas: 59828)
+testFailMintToWrongReturnDataERC155Recipient() (gas: 263102)
+testInfiniteApproveTransferFrom() (gas: 387796)
+testApprove() (gas: 26558)
+testMetaData() (gas: 6966)
+testTransferFrom() (gas: 388134)
+testFailTransferFromInsufficientBalance() (gas: 359401)
+testFailPermitPastDeadline() (gas: 2197)
+testFailPermitReplay() (gas: 59949)
+testMint() (gas: 49180)
+testFailTransferFromInsufficientAllowance() (gas: 358925)
+testTransfer() (gas: 75628)
+testBurn() (gas: 52492)
+testPermit() (gas: 56782)
+testFailTransferInsufficientBalance() (gas: 48240)
+testFailPermitBadDeadline() (gas: 30486)
+testFailPermitBadNonce() (gas: 30436)
+testSafeTransferFromToERC721Recipient() (gas: 908869)
+testFailSafeMintToERC721RecipientWithWrongReturnDataWithData() (gas: 185732)
+testApprove() (gas: 96031)
+testFailBurnUnMinted() (gas: 3379)
+testFailSafeTransferFromToERC721RecipientWithWrongReturnDataWithData() (gas: 213867)
+testFailDoubleMint() (gas: 70935)
+testApproveAll() (gas: 26585)
+testFailApproveUnAuthorized() (gas: 73181)
+testFailSafeTransferFromToRevertingERC721RecipientWithData() (gas: 259577)
+testFailSafeMintToNonERC721RecipientWithData() (gas: 115867)
+testMetadata() (gas: 6492)
+testFailTransferFromWrongFrom() (gas: 71032)
+testFailSafeMintToRevertingERC721Recipient() (gas: 230626)
+testTransferFrom() (gas: 551359)
+testFailSafeMintToNonERC721Recipient() (gas: 115042)
+testFailDoubleBurn() (gas: 74563)
+testFailSafeMintToERC721RecipientWithWrongReturnData() (gas: 184893)
+testFailSafeTransferFromToNonERC721Recipient() (gas: 143245)
+testMint() (gas: 72701)
+testFailApproveUnMinted() (gas: 5694)
+testFailTransferFromToZero() (gas: 71031)
+testSafeMintToERC721Recipient() (gas: 408375)
+testSafeTransferFromToEOA() (gas: 556215)
+testSafeMintToEOA() (gas: 75400)
+testFailSafeTransferFromToERC721RecipientWithWrongReturnData() (gas: 213093)
+testTransferFromApproveAll() (gas: 553534)
+testFailTransferFromUnOwned() (gas: 3500)
+testFailSafeTransferFromToNonERC721RecipientWithData() (gas: 144048)
+testBurn() (gas: 76417)
+testFailSafeMintToRevertingERC721RecipientWithData() (gas: 231396)
+testFailMintToZero() (gas: 1253)
+testFailTransferFromNotOwner() (gas: 75544)
+testSafeMintToERC721RecipientWithData() (gas: 429537)
+testFailSafeTransferFromToRevertingERC721Recipient() (gas: 258848)
+testSafeTransferFromToERC721RecipientWithData() (gas: 930031)
+testTransferFromSelf() (gas: 103082)
+testFPow() (gas: 1651)
+testFailFDivZeroXY() (gas: 316)
+testSqrt() (gas: 2492)
+testFDiv() (gas: 733)
+testFDivEdgeCases() (gas: 581)
+testFMulEdgeCases() (gas: 801)
+testFailFDivXYB() (gas: 294)
+testFailFDivZeroY() (gas: 271)
 testFMul() (gas: 669)
+testSetRoles() (gas: 33023)
+testCanCallWithCustomAuthorityOverridesPublicCapability() (gas: 295417)
+testCanCallPublicCapability() (gas: 39631)
+testSetTargetCustomAuthority() (gas: 31736)
+testCanCallWithCustomAuthorityOverridesUserWithRole() (gas: 334265)
+testCanCallWithAuthorizedRole() (gas: 97461)
+testSetRoleCapabilities() (gas: 32997)
+testCanCallWithCustomAuthority() (gas: 466959)
+testSetPublicCapabilities() (gas: 31468)
 testNoReentrancy() (gas: 1015)
 testProtectedCall() (gas: 23649)
 testFailUnprotectedCall() (gas: 30515)
-testBasics() (gas: 76765)
-testRoot() (gas: 40181)
-testSanityChecks() (gas: 11630)
-testPublicCapabilities() (gas: 41708)
-testWriteRead() (gas: 53564)
-testWriteReadFullStartBound() (gas: 34778)
-testFailWriteReadEmptyOutOfBounds() (gas: 34479)
-testWriteReadFullBoundedRead() (gas: 53761)
+testSetRoles() (gas: 32998)
+testCanCallPublicCapability() (gas: 38436)
+testCanCallWithAuthorizedRole() (gas: 96267)
+testSetRoleCapabilities() (gas: 34588)
+testSetPublicCapabilities() (gas: 33244)
+testWriteRead() (gas: 53511)
+testWriteReadFullStartBound() (gas: 34725)
+testFailWriteReadEmptyOutOfBounds() (gas: 34432)
+testWriteReadFullBoundedRead() (gas: 53708)
 testFailReadInvalidPointer() (gas: 2905)
-testFailWriteReadOutOfStartBound() (gas: 34393)
+testFailWriteReadOutOfStartBound() (gas: 34346)
 testFailReadInvalidPointerCustomStartBound() (gas: 2982)
-testWriteReadEmptyBound() (gas: 34692)
-testFailWriteReadOutOfBounds() (gas: 34500)
-testWriteReadCustomBounds() (gas: 34906)
-testWriteReadCustomStartBound() (gas: 34821)
+testWriteReadEmptyBound() (gas: 34639)
+testFailWriteReadOutOfBounds() (gas: 34453)
+testWriteReadCustomBounds() (gas: 34853)
+testWriteReadCustomStartBound() (gas: 34768)
 testFailReadInvalidPointerCustomBounds() (gas: 3143)
 testSafeCastTo248() (gas: 433)
 testSafeCastTo128() (gas: 455)
@@ -68,8 +177,6 @@ testTransferWithNonContract() (gas: 3075)
 testApproveWithTransferFromSelf() (gas: 26416)
 testTransferWithTransferFromSelf() (gas: 28182)
 testFailTransferETHToContractWithoutFallback() (gas: 7222)
-testUpdateTrust() (gas: 12713)
-testSanityChecks() (gas: 4838)
 testPartialWithdraw() (gas: 68803)
 testDeposit() (gas: 58804)
 testFallbackDeposit() (gas: 59068)

.gitignore

@@ -1,2 +1,3 @@
-/out
-/node_modules
+/cache
+/node_modules
+/out

README.md

@@ -7,13 +7,14 @@
 ```ml
 auth
 ├─ Auth — "Flexible and updatable auth pattern"
-├─ Trust — "Ultra minimal authorization logic"
 ├─ authorities
 │  ├─ RolesAuthority — "Role based Authority that supports up to 256 roles"
-│  ├─ TrustAuthority — "Simple Authority which only authorizes trusted users"
+│  ├─ MultiRolesAuthority — "Flexible and target agnostic role based Authority"
 tokens
 ├─ WETH — "Minimalist and modern Wrapped Ether implementation"
 ├─ ERC20 — "Modern and gas efficient ERC20 + EIP-2612 implementation"
+├─ ERC721 — "Modern, minimalist, and gas efficient ERC721 implementation"
+├─ ERC1155 — "Minimalist and gas efficient standard ERC1155 implementation"
 utils
 ├─ SSTORE2 - "Library for cheaper reads and writes to persistent storage"
 ├─ CREATE3 — "Deploy to deterministic addresses without an initcode factor"

audits/v6-Fixed-Point-Solutions.pdf

@@ -1,22 +1,13 @@
 // SPDX-License-Identifier: AGPL-3.0-only
-pragma solidity >=0.7.0;
-
-/// @notice A generic interface for a contract which provides authorization data to an Auth instance.
-/// @author Modified from Dappsys (https://github.com/dapphub/ds-auth/blob/master/src/auth.sol)
-interface Authority {
-    function canCall(
-        address user,
-        address target,
-        bytes4 functionSig
-    ) external view returns (bool);
-}
+pragma solidity >=0.8.0;
 
 /// @notice Provides a flexible and updatable auth pattern which is completely separate from application logic.
+/// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/auth/Auth.sol)
 /// @author Modified from Dappsys (https://github.com/dapphub/ds-auth/blob/master/src/auth.sol)
 abstract contract Auth {
-    event OwnerUpdated(address indexed owner);
+    event OwnerUpdated(address indexed user, address indexed newOwner);
 
-    event AuthorityUpdated(Authority indexed authority);
+    event AuthorityUpdated(address indexed user, Authority indexed newAuthority);
 
     address public owner;
 
@@ -26,37 +17,48 @@ abstract contract Auth {
         owner = _owner;
         authority = _authority;
 
-        emit OwnerUpdated(_owner);
-        emit AuthorityUpdated(_authority);
+        emit OwnerUpdated(msg.sender, _owner);
+        emit AuthorityUpdated(msg.sender, _authority);
     }
 
-    function setOwner(address newOwner) public virtual requiresAuth {
-        owner = newOwner;
+    modifier requiresAuth() {
+        require(isAuthorized(msg.sender, msg.sig), "UNAUTHORIZED");
 
-        emit OwnerUpdated(owner);
+        _;
     }
 
-    function setAuthority(Authority newAuthority) public virtual requiresAuth {
-        authority = newAuthority;
+    function isAuthorized(address user, bytes4 functionSig) internal view virtual returns (bool) {
+        Authority auth = authority; // Memoizing authority saves us a warm SLOAD, around 100 gas.
 
-        emit AuthorityUpdated(authority);
+        // Checking if the caller is the owner only after calling the authority saves gas in most cases, but be
+        // aware that this makes protected functions uncallable even to the owner if the authority is out of order.
+        return (address(auth) != address(0) && auth.canCall(user, address(this), functionSig)) || user == owner;
     }
 
-    function isAuthorized(address user, bytes4 functionSig) internal view virtual returns (bool) {
-        Authority cachedAuthority = authority;
+    function setAuthority(Authority newAuthority) public virtual {
+        // We check if the caller is the owner first because we want to ensure they can
+        // always swap out the authority even if it's reverting or using up a lot of gas.
+        require(msg.sender == owner || authority.canCall(msg.sender, address(this), msg.sig));
 
-        if (address(cachedAuthority) != address(0)) {
-            try cachedAuthority.canCall(user, address(this), functionSig) returns (bool canCall) {
-                if (canCall) return true;
-            } catch {}
-        }
+        authority = newAuthority;
 
-        return user == owner;
+        emit AuthorityUpdated(msg.sender, newAuthority);
     }
 
-    modifier requiresAuth() {
-        require(isAuthorized(msg.sender, msg.sig), "UNAUTHORIZED");
+    function setOwner(address newOwner) public virtual requiresAuth {
+        owner = newOwner;
 
-        _;
+        emit OwnerUpdated(msg.sender, newOwner);
     }
 }
+
+/// @notice A generic interface for a contract which provides authorization data to an Auth instance.
+/// @author Solmate (https://github.com/Rari-Capital/solmate/blob/main/src/auth/Auth.sol)
+/// @author Modified from Dappsys (https://github.com/dapphub/ds-auth/blob/master/src/auth.sol)
+interface Authority {
+    function canCall(
+        address user,
+        address target,
+        bytes4 functionSig
+    ) external view returns (bool);
+}